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ABSTRACT 


An Information Warrior faces a complex and dynamic operating environment. To 
conduct an accurate Vulnerability Assessment and Risk Analysis of the enemy force (or a 
friendly force), a multitude of cause and effect relationships must be examined. Many 
times the person at the battle scene conducting the assessment may lack experience and/or 
knowledge, precluding a time-sensitive and effective assessment. The author proposes a 
framework for a global network of expert systems and decision support systems to 
conduct the Vulnerability Assessments and maintain Information Warfare readiness 
through realistic training. The author also presents a Vulnerability Assessment and Risk 
Analysis heuristic with the objective of expanding the knowledge base and decision speed 
at the on-scene commander level. In achieving and implementing this global network, 
numerous benefits can be realized, including increased effectiveness and efficiency in the 
receipt of intelligence information, thereby allowing for improved decision-making 
capabilities. Since the technology and know-how are already available, this vision of the 
global network is attainable and can be successfully implemented and operated. 
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I. INTRODUCTION 


A. EXPERT SYSTEMS IN INFORMATION WARFARE 

Information Warfare encompasses a broad area of operations, always hovering on 
the fringes of the battle space and beyond. Historically, battles have been won or lost not 
only on the “might” of the armies, but also on the value of the information gained on the 
opponent’s capabilities and weaknesses, and denial to the enemy of the same valuable 
information. Today’s technological advances have presented an opportunity for 
warfighters to gain an advantage over their adversaries. That advantage is knowledge of 
the enemy’s capabilities and weaknesses. 

In developing a Vulnerability Assessment of either enemy or friendly forces. 
Information Warfare experts look for weaknesses which can be exploited. With a finite 
group of experts available, scarce resources are spread thin. Expert systems can provide 
the breadth and depth of knowledge and experience of those experts at the battle-scene, 
thereby enabling less knowledgeable personnel to identify and evaluate an adversary’s 
weaknesses. Expert Systems and Decision Support Systems can perform this important 
facet of Information Warfare. In addition, using modeling and simulation, the same 
expert system can also train personnel in the theoretical and practical application of the 
concepts of Information Warfare while giving hands-on experience on the computer 
system. Finally, with today’s technological advances in artificial intelligence, using 
expert systems/decision support systems and modeling/simulation techniques to assist in 
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conducting Vulnerability Assessments and training can realize great benefits for the 
military in the realm of Information Warfare. 


B. PURPOSE OF RESEARCH 

Information Warfare and the use of expert systems/decision support systems to 
support the conduct of Vulnerability Assessments are the primary foci of this thesis. In 
order to automate this process, the author develops a heuristic for conducting 
Vulnerability Assessments, with applicability to a global network of expert systems and 
decision support systems in mind. To effectively employ this system, training is another 
issue that must be considered. The author presents the requirements for using the same 
expert system to conduct Vulnerability Assessments and training. The author examines 
the various training techniques to determine which ones will work well with the proposed 
expert system network. The training should cover the concepts and practical application 
of Information Warfare and provide expert system familiarization. In addition, several 
issues concerning the implementation of the global system, such as the necessary 
Educational Skills Requirements, system requirements, and the delivery path, are also 
addressed. In realizing the vision of a global network of expert systems/decision support 
systems conducting Vulnerability Assessments and training, benefits can be realized, such 
as increased speed and efficiency in the receipt of intelligence information. Improved 
decision-making capabilities and sailors trained in the practical application of Information 
Warfare concepts are the end results. 
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C. SCOPE OF RESEARCH 


Some of the topics presented in this thesis are discussed from a broad point of 
view since they are already discussed in current literature and an in-depth discussion is 
beyond the scope of a single thesis. Information Warfare is one of these topics. 
References annotated throughout Chapter II will provide the reader access to a further 
explanation. Expert Systems are treated similarly, again because the focus of this thesis is 
on a specific application of expert systems and not on the abundance of material that has 
been written on this particular subject over the past twenty years. 

Automated analysis is discussed with a more narrow focus to achieve clarity in 
presentation. The purpose of this thesis is to develop an heuristic to conduct 
Vulnerability Assessments and Risk Analysis that is non-specific to any particular target. 
This thesis examines the suitability of an expert system in actually conducting the 
Vulnerability Assessment based upon input from the battlefield commander or his 
designated representative, the cryptologist. That same expert system along with 
simulation software can also provide training in conducting Vulnerability Assessments, 
offering a more robust dual system to the command. The challenge of maintaining the 
currency of the information is also an issue addressed in this thesis. The potential for 
implementing a global network of many expert systems will provide for the most recent 
information available. The last topic presented includes a few of the practical 
implementation issues for the installation and operation of the global network. Therefore, 
the resources consulted during the course of this thesis include: 
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• a literature review of Vulnerability Assessments 

• a review of the methodology involved in developing Vulnerability 
Assessments 

• interview(s) of personnel who have conducted Vulnerability Assessments 

• a literature review of expert systems and decision support system technology 

• a literature review of current and planned training for Information Warfare for 
Vulnerability Assessments, Computer Science, and Information Technology. 

To research the feasibility of successfully achieving the vision of an expert system 
conducting the Vulnerability Assessment and providing the pertinent training, the 
following research questions are addressed in this thesis: 

• How can Expert Systems and Decision Support Systems assist in improving 
Vulnerability Assessments? 

• What Expert System technologies are being used in the civilian and/or the 
mili tary sector that could be used in developing Vulnerability Assessments or 
Information Warfare training? 

• To what extent are Expert Systems and Decision Support Systems currently 
being used in the military for analysis of activity? 

• What are the core competencies/educational skills requirements for 
Information Warfare, Computer Science, and Information Technology? 
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• What role does Expert Systems have in Information Warfare? How can 
Expert Systems/Intelligent Agents/Simulation help in training for Information 
Warfare? 

• Is there a reasonable expectation that a global network of expert systems and 
decision support systems can be successfully implemented? 


D. THESIS ORGANIZATION 

Information Warfare is a broad area to discuss because of its relatively recent 
emergence into the limelight. While many personnel have been conducting Information 
Warfare over the years, these same personnel usually have different perspectives on what 
Information Warfare really entails. Therefore, following MOP 30 and Joint Pub 3-13 
guidance, the author provides a summary of Information Warfare as defined by the 
United States Naval Service. 

Technology has provided the means to achieve the objectives of Information 
Warfare. Assessing the capabilities and weaknesses of the enemy are vital to the success 
of Information Warfare; therefore, the author explores the possibility of automating the 
Vulnerability Assessment process. The other chapters in this thesis support this same 
process. This thesis is divided into six chapters and two appendices: 

• Chapter I - Introduction. This chapter introduces the topic and goal of 

developing a methodology for conducting Vulnerability Assessments, with an 
explanation of the purpose and scope of this thesis. 


5 




• Chapter II - Information. This chapter presents a discussion on Information 
Warfare and Command and Control Warfare based on the guidance provided 
within Naval instructions. 

• Chapter III - Modeling Information Warfare for Automated Analysis. This 
chapter presents the heuristic for conducting Vulnerability Assessments and 
Risk Analyses. 

• Chapter IV - Expert Systems for Information Warfare. This chapter discusses 
the use of Expert Systems within the Information Warfare and Command and 
Control Warfare arena. 

• Chapter V - Implementation Issues of Expert Systems for Information 
Warfare. This chapter presents a discussion on the issues involved in 
implementing a global network of expert systems and decision support 
systems. 

• Chapter VI - Conclusion. This chapter presents the author’s viewpoint on the 
feasibility of using a global network of expert systems and decision support 
systems to conduct Vulnerability Assessments and provide realistic training. 

• Appendices 

• Appendix A - Impact Tables (Virus, Technology, Geopolitics, 
Economics). These tables summarize the information currently 
available on the impact of these four variables on a computer or 
computer system. 
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• Appendix B - Expert Systems/Decision Support Systems. This 

appendix presents a further explanation of expert systems and decision 
support systems. 
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II. INFORMATION WARFARE 


Information Warfare plays a vital role in battle. The commander with the most 
current intelligence information gains crucial minutes to formulate an attack or prepare 
for a counter-attack, giving that same commander a distinct advantage over the adversary. 
Today’s technological advances have presented an even better opportunity for warfighters 
to gain an advantage over their adversaries. An historical example is the information 
obtained from space surveillance assets which gave Allied forces an advantage during the 
air supremacy campaign of Desert Storm. Consequently, one can say that advanced 
knowledge of the enemy’s intentions and capabilities gained from the use of Information 
Warfare gives the battlefield commander the ultimate advantage. 

In developing a Vulnerability Assessment for Command and Control Warfare 
(C2W) either of enemy or friendly forces. Information Warfare experts look for 
weaknesses to exploit or attack. Since subject matter experts are a scarce resource and 
not always available on-scene, capturing their valuable knowledge in an integrated expert 
system and decision support system is critical to helping to identify an adversary’s and 
one’s own weaknesses. Technology, in the form of an integrated Decision Support 
System and Expert System, can handle this important facet of Information Warfare. This 
type of technology offers the greatest opportunity to expand the capabilities of 
Information Warfare in the C2W environment from both a strategic and tactical 
perspective. 
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A. INFORMATION WARFARE 


However, before delving into how this technology can be employed in the 

Information Warfare arena, it is necessary to discuss the precepts of Information Warfare. 

Admiral Boorda had this to say about Information Warfare, 

“Information Warfare is about warfighting - making sure that the people 
who go fight have the very best chance to get their mission done, win that 
fight, and come home safely. ” [Ref. 1] 

The Joint Doctrine for Command and Control Warfare (C2W): Battlefield Application 
of Information defines Information Warfare as “those actions taken to achieve 
information superiority in support of national strategy by affecting adversary information 
and information systems, while leveraging and protecting our own information and 
information systems.” [Ref. 2: p. 1-5] The major difference between Information Warfare 
and C2W is that Information Warfare operates in support of national strategy and 
supports the full range of combat and non-combat missions across the range of military 
and non-military operations. C2W is the battlefield application of Information Warfare. 
[Ref. 2: pp. 1-5 to 1-6] 

C2W is the integrated use of the five Pillars of Information Warfare to achieve 
superiority over the enemy. The five pillars are: 

• Psychological Operations 

• Military Deception 

• Operations Security 
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Electronic Warfare 


• Physical Destruction. 

All of these are mutually supported by intelligence to deny information to, influence, 
degrade, or destroy the adversary’s C2 capabilities. [Ref. 2: p. 1-7] These actions occur 
while protecting friendly C2 capabilities from similar efforts by the enemy. To be 
effective, C2W must allow the joint battlefield commander to affect the adversary’s 
decision-making without degradation of his own assets. In order to accomplish this goal, 
the friendly commander could use one or a combination of the following actions: 

• “disrupt the enemy’s decision cycle 

• delay the enemy’s processing and dissemination of information through the 
decision cycle 

• influence the enemy’s perception of the military situation to prevent the enemy 
commander from affecting the friendly commander’s decision-making. ” [Ref. 
2: p. 1-7] 


Any or all of these actions might impair the adversary’s decision-making capabilities. A 
joint commander can affect these actions by any of the following means: 

• slowing the enemy’s operational tempo 

• disrupting any plans the adversary might have 
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• disrupting the enemy commander’s ability to focus combat power 

• influencing the enemy commander’s estimate of the situation. 

At the same time, the friendly commander must minimize his vulnerabilities against the 
possibility of the same enemy actions directed at his forces. [Ref. 3: p. 2] Therefore, the 
battlefield commander must coordinate C2W tactics to ensure minimal interference from 

friendly forces. 

The Chairman of the Joint Chiefs of Staff, Memorandum of Policy No. 30 states 
that the objective of C2W is to “maximize U.S. and allied military effectiveness by 
integrating C2W into military strategy, plans and operations, exercises, training, 
communications architectures, computer processing, systems development, and 
professional education.” [Ref. 3: p. 1] By employing IW techniques in all aspects of 
C2W, friendly forces can achieve the end result of decapitating the enemy s command 
structure from its body of combat forces. [Ref. 3: p. 3] The underlying rationale for this 
reasoning is that military forces are highly dependent upon timely and accurate 
information for effective application of combat power. Modem combat forces achieve 
this information through their command and control structure. [Ref. 3: pp. 3-6] 

Policy and decision makers agree that the speed and pace of battle and the agility 
of combat forces continually increase as the battle progresses. [Ref. 3: pp. 3-6] 

Therefore, the battlefield commander with the greater ability to evaluate the battlefield, 
expose, and exploit the enemy’s vulnerabilities will have a greater chance to prevail. [Ref. 
3: pp. 3-6] The battlefield commander uses this knowledge to seize the initiative, 
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hopefully forcing the enemy into a reactive mode. As noted by Jomini, purely defensive 
maneuvers rarely win the war. [Ref. 4: p. 168] 

Synergistic application of the Five Pillars of Command and Control Warfare 
maximizes combat power, which is the force applied by either friendly or adversary 
troops that is necessary to achieve the objective. [Ref. 3: pp. 3-6] The combined use of 
operations security, military deception, psychological operations, electronic warfare, and 
physical destruction can effectively disrupt the enemy force’s decision cycle, thereby 
allowing the friendly commander to seize the initiative. Paralysis, misdirection, fear, and 
insecurity are just a few of the potential outcomes. 

B. THE FIVE PILLARS OF COMMAND AND CONTROL WARFARE 

1. Operations Security 

Operations Security (OPSEC), is defined as a process used for denying the 
adversary information about friendly intentions, capabilities, or limitations. [Ref. 5: p. 

265] The effective employment of the OPSEC process can: 

• “protect U.S. and allied forces from an enemy C2W strategy 

• identify friendly actions that an adversary can observe 

• determine indicators that an adversary could use to derive critical information 

• develop and execute measures that eliminate or reduce friendly vulnerabilities 
to exploitation by adversary collection means. ” [Ref. 6: pp. 1-32 to 11-33] 
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Military forces achieve these actions by first performing a Vulnerability Assessment. 
Putting OPSEC into practice means avoiding mention of upcoming battle plans or 
supporting activities in areas easily observed by the enemy. An enemy agent can piece 
together isolated comments or activities such as numerous unscheduled cargo flights or 
military leave being canceled, to accurately guess friendly intentions. Denying the enemy 
commander this advance information can help achieve the element of surprise. 

2. Military Deception 

The second pillar of C2W is Military Deception which involves actions taken to 
mislead enemy decision makers or protect friendly capabilities. [Ref. 7: p. 23] Its stated 
goal is to cause the enemy decision maker to respond in a manner that assists in the 
accomplishment of friendly objectives. [Ref. 5: p. 230] In plain terms, displaying actions 
that would lead the enemy to believe a person or unit will take a particular action, 
eliciting a desired incorrect reaction from the opponent. However, in reality, the action 
will be conducted in a totally different way. In short, the battlefield commander will 
deceive his opponent. Several key factors have been identified for Military Deception to 
be effective. These key factors include: 

• “the deception must have an objective 

• the targeted enemy commander must have the decision authority to make the 
desired decision 

• a story complete with a notional order of battle must be available to back up 
the executed deception 


14 



• a means must exist to evaluate the effectiveness of the deception. ” [Ref. 2: p. 

GL-5] 

A military commander must carefully plan and coordinate militaiy deception operations 
in concert with conventional battle plans to achieve maximum effectiveness. 

Throughout history, military commanders have used deception against the enemy. 
For example, during the Revolutionary War, General George Washington’s forces created 
forged documents stating that the total number of American troops in Pennsylvania 
reached 40,000 men instead of the actual number of 3,000 men. These documents were 
“captured” by the British, who of course believed the forged documents. [Ref. 8: p. 23] 
Another example is from the Persian Gulf War. The coalition forces continually 
conducted amphibious rehearsals and exercises along the Persian Gulf. Those exercises 
combined with other deception operations convinced the Iraqis that the coalition’s 
primary intention was to conduct an amphibious assault. The coalition achieved total 
immobilization when they instead commenced operations in a totally different direction. 
[Ref. 9: p. 24] These examples exhibit how effective military deception operations can be 
in changing the enemy commander’s decisions. 

3. Psychological Operations 

The objective of Psychological Operations (PSYOP), the third pillar, is to cause or 
reinforce attitudes and behavior that will result in the favorable attainment of friendly 
force objectives. [Ref. 7: p. 24] The aim of these operations is to lower morale, reduce 
the efficiency of enemy forces, and cause “dissidence and disaffection within their ranks.” 
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[Ref. 10: p. 1-1] In order to attain this goal, the message conveyed to the enemy troops 


must: 


• be based in fact 

• be verifiable by whatever means the adversary has available 

• consider the perceptions and considerations of those who are targeted. 

If the enemy does not believe that a deceptive message is true or that friendly forces 
cannot cany out the threat or action, then the effectiveness of PSYOP will be greatly 
reduced. [Ref 11: pp.12-14] 

For a military commander to plan and execute a psychological operation, he/she 
requires extensive information about the location and identity of the target, any 
vulnerabilities, and knowledge of the existing political, economic, social, cultural, and 
historical infrastructure within the target area. [Ref. 10: p. 1-1] Once this information is 
gained from intelligence sources, the military commander decides what “message” he/she 
wants the enemy to receive and may employ a variety of means to deliver it. These 
methods could include, but are not limited to political and diplomatic communiques, 
leaflets, or loudspeaker broadcasts. These tools can be used in any manner to encourage 
enemy forces to desert or surrender. [Ref. 12: pp. III-44 to III-45] 

Historically, military deception has played a part in many wars. For example, in 
World War II, the U.S. spread propaganda through leaflets and radio broadcasts in the 
hopes of undermining the enemy’s will to resist, demoralizing the enemy’s troops, and 
sustaining the morale of allies. [Ref. 13: pp. 20-21] Years later during the Persian Gulf 
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War, coalition forces dropped radios tuned to American propaganda stations, pamphlets, 
and leaflets combined with the BLU-82 bombs. The bombs blasted a path through Iraqi 
ground forces. The radios, pamphlets, and leaflets, combined with the bombs, 
contributed to a significant increase of Iraqi soldiers surrendering to coalition forces. 

[Ref. 13] More recently, U.S. forces dropped pamphlets and leaflets in Haiti encouraging 
the populace to follow the legal Haitian president. Militaiy deception can be used to gain 
an advantage over the enemy by creating vulnerabilities within the enemy ranks. 

4. Electronic Warfare 

Electronic Warfare, the fourth pillar, is any military action that involves the use of 
electromagnetic or directed energy to attack an enemy or control the electromagnetic 
spectrum. [Ref. 12: pp. GL-7 to GL-8] This broad area is divided into three subdivisions: 
electronic attack, electronic protect, and electronic warfare support. The offensive arm of 
electronic warfare is electronic attack which involves the use of electromagnetic or 
directed energy to attack the enemy with the intent of degrading, neutralizing, or 
destroying combat capabilities. It also includes actions such as anti-radiation or directed 
energy bombs or missiles that prevent the enemy from using the electromagnetic 
spectrum. The defensive arm of electronic warfare is electronic protect and includes 
actions to protect friendly forces from the use of enemy electronic warfare measures. 

[Ref. 12] One example of electronic protect is to stop the enemy from jamming the 
portions of the electromagnetic spectrum used by friendly forces. In order to employ 
either the attack or protect mode, the friendly forces need information to assist in making 
decisions. Electronic warfare support uses intelligence assets to collect and disseminate 
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information for immediate decisions involving electronic warfare operations. [Ref. 12] 

The use of electronic warfare can have a catastrophic effect on the enemy. For example, 
during Desert Storm, coalition forces jammed Iraqi communications and sensors and 
disrupted their command and control to limit the Iraqi ability to gather information and 
transmit decisions. [Ref. 7: p. 26] 

5. Physical Destruction 

The fifth pillar of Information Warfare is Physical Destruction, which is the ability 
to identify, locate, and prioritize enemy targets accurately and then destroy them 
selectively. [Ref. 5: p. 113] Since the overall guiding principle of C2W is to integrate 
disruptive means without using large amounts of limited destructive resources, the 
battlefield commander must decide on the relative importance of each target. [Ref. 14: p. 
viii] If the target is important to achieving the battle plan, the battlefield commander 
must determine the amount of destructive resources that will destroy or neutralize the 
target. In short, the importance of the enemy target in the overall battle objective is the 
deciding factor on whether or not that target should be destroyed, neutralized, or ignored. 

C. THE INTELLIGENCE PROCESS 

1. Intelligence Support 

The Five Pillars of Command and Control Warfare enable the military commander 
to employ various measures to achieve victory on the battlefield. Individually, the use of 
each pillar will attain limited success; however, the integrated use of all or some of the 
pillars increases the chances of exploiting the enemy’s vulnerabilities to the fullest extent. 
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But battle plans formulated without considering the use of Intelligence Support denies the 
military commander necessary information. One can say that intelligence support is 
critical to the success of C2W. The bottomline is that the operational commander must 
have the best intelligence on enemy situations, intentions, and capabilities to weigh the 
potential advantage of specific actions. [Ref. 3: pp. 6-7] 



Intelligence Infrastructure 


Figure 1. The Command and Control Warfare Umbrella [Ref. 7: p. 28 


Figure 1 shows how intelligence support underlies and supports the Five Pillars of 


Command and Control Warfare, contributing information to each pillar. This valuable 


information is gained through the collection, evaluation, analysis, and interpretation of all 


available information. [Ref. 3: p. 7] Examples of intelligence support include: 


• developing and maintaining databases of sufficient detail to support C2W in 


geographic areas of potential conflict 
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• identifying critical C2 nodes, links and sensors of potentially hostile nations 

• understanding of potential enemy C2, communications, peacetime and 
wartime operating modes of sensor systems, organizational structure and 
netting, procedures, and deployment to support precision-guided 
munitions/electronic warfare 

• assessing capabilities, limitations, and vulnerabilities of potential C2 targets 

• identifying die power structures of key political and military leaders in 
potentially hostile nations, and obtaining biographical data and psychological 
profiles of leaders 

• estimating hostile counter C2 capabilities to assist in determining the 
vulnerability of U.S. C2 capabilities and impact on U.S. and friendly military 
operations 

• providing timely and reliable indications and warning information to 
operational commanders 

• providing timely information to persons and systems during actual 
engagement of enemy forces 

• providing accurate direction finding 

• supporting battle damage assessments. [Ref. 3: pp. 6-10] 

This information is gained through the cooperation of many intelligence agencies 
(national, theater, and tactical levels), and all collection efforts (HUMINT, SIGINT, 
MASINT, IMINT, etc.). The information is then fused to provide the most up-to-date all¬ 
source intelligence to the militaiy commander. It is important to recognize that the best 
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operational plan uses the optimal mix of assets. Intelligence is the key to achieving this 
mix. Figure 2 displays some of the information provided to the battlefield commander and 
to which of the five pillars it applies. 
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Figure 2. Intelligence Support to Command and Control Warfare [Ref. 7: p. 30] 


2. Feedback and Bomb Damage Assessment (BDA) 

The importance of obtaining feedback and BDA on the effectiveness of the C2W 
measures cannot be stressed enough. This information will provide the friendly force’s 
intelligence assets with an assessment on the degradation of the enemy’s systems. Using 
this information, the C2W planners will be able to update their objectives and priorities 
and fine-tune the battle plan. [Ref. 15: p. 4-12] 
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III. MODELING INFORMATION WARFARE FOR AUTOMATED 

ANALYSIS 

Vulnerabilities are the Achilles Heel of an enemy or friendly force. In developing 
a Vulnerability Assessment, Information Warfare experts look for weaknesses which can 
be exploited. Since subject matter experts have many demands on their time and may not 
be readily available, capturing their valuable knowledge can assist others in helping to 
identify vulnerabilities. Technology in the form of an integrated Expert System and 
Decision Support System can perform this vitally important aspect of Information 
Warfare. 

A. VISION 

During peacetime operations, planning is even paced, allowing time to recheck 
plans for missed details. However, when the situation becomes stressful and time is a 
scarce commodity, real-time problem solving exaggerates many human limitations - “the 
tendency to overlook relevant information, to respond inconsistently, to respond too 
slowly, or to panic when the rate of information flow is too great.” [Ref. 16: p. 264] All 
of us can imagine a normal day that suddenly changes because a situation has developed 
that demands your complete attention. 

Picture this, the battlegroup commander wants to know where a particular enemy 
force is most vulnerable. Gathering as much information on the enemy force as possible, 
you begin inputting the information into the expert system. The intelligence headquarters 
provides an expert system using the latest technology and a knowledge base obtained 
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from the intelligence field’s experts. Based upon the strategic goals of the battlefield 
commander, this expert system will help identify the most vulnerable area(s) of the enemy 
force, ensuring that all possible areas are explored. You are now engaged in Command 
and Control Warfare, the battlefield application of Information Warfare. 

B. MODELING INFORMATION WARFARE FOR AUTOMATED ANALYSIS 

Vulnerability assessments are a critical part of Information Warfare. They are a 
tool used to identify the enemy’s weaknesses and evaluate them for future exploitation. 

To assist in performing this assessment more efficiently and effectively, the author 
developed a heuristic for automated analysis. The purpose of this heuristic is to provide 
non-experts with a suggested procedure to identify a target’s vulnerabilities. The target 
encompasses a range of possibilities from the actual battlefield to the enemy command 
and control center(s) and pertinent systems. 

The author reviewed approximately twenty-nine vulnerability assessments, [Refs. 
17-45], to determine how each assessor had performed the analysis. From assessing 
cruise missiles, buried concrete bunkers, airplanes, or tanks, to assessing networks and 
computer systems, all of the vulnerability assessments followed the same general pattern, 
with some variation due to the specificity of the target. The heuristic below illustrates a 
general procedure for performing a vulnerability assessment that the author developed by 
comparing the procedures followed by the authors of the twenty-nine vulnerability 
assessments. 
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C. HEURISTIC 


1. Identify the objective, mission and/or target. 

2. Break the target down into subcomponents, and describe in detail the IW attributes of 
each subcomponent of the target. Develop a hierarchy of subcomponents or a 
network view of the target (this will help later with failure node analysis.) Either of 
these will help determine the interoperability of the components. The decomposition 
should consist of enough detail to “predict” the effect of actions such as disconnecting 
the command structure cohesiveness of enemy commander. 


3. Identify the center of gravity . Use failure node analysis to identify the interoperability 

of components. Basically, failure node analysis is neutralizing a component of the 

target and determining what other target components will be affected by the “failure” 

of the first neutralized component. The importance of establishing the center of 

gravity cannot be stressed enough. As Clausewitz stated: 

“One must keep dominant characteristics of both belligerents in mind. 

Out of these characteristics a certain center of gravity develops, the hub of 
all power and movement, on which everything depends...It is therefore a 
major act of strategic judgment to distinguish these centers ofgravity in 
the enemy’s forces and identify their spheres of effectiveness. ” [Ref. 46: 
pp. 595-6 and p. 468] 


4. Categorize and identify vulnerabilities . Vulnerabilities are defined as “a weakness or 
lack of controls that would allow or facilitate a threat actuation against a specific asset 
or target.” [Ref. 47: pp. 69-88] Categories of vulnerabilities fall under four different 
classifications: 
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• Long-term investment (e.g., the ability to control the enemy’s 
infrastructure) 

• Lack of Discovery (e.g., friendly forces apply a threat without the enemy 
discovering the action) 

• Possible Discovery (e.g., friendly forces apply a threat and the enemy 
might discover the action) 

• Information denial (e.g., bomb the telecommunication antennas). [Ref. 48] 

If possible, obtain lists of vulnerabilities already identified (from open and classified 
sources such as manufacturers and research efforts, assessments already completed, 
intelligence analyses, expert opinion, personal experience, other commands/agencies, 
etc.). 

5. Perform a target assessment . This step correlates threats with vulnerabilities. In the 
case of offensive action, correlating friendly assets with enemy vulnerabilities, and in 
the case of defensive action, correlating enemy assets with friendly vulnerabilities. 
This step determines the highest impact per applied threat. 

6. Evaluate vulnerabilities . Every system is vulnerable to some degree. The purpose of 
a vulnerability analysis is to determine the marginal or incremental importance of 
each vulnerability relative to all other possible vulnerabilities. The purpose of the 
evaluation is to categorize and hopefully depict clusters of vulnerabilities. [Ref. 31: p. 
4] This is a critical step in the vulnerability assessment, because without the 
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clustering of vulnerabilities, the assessor cannot perform failure node analysis to 
discover the center of gravity. The evaluation is subjective because it depends upon 
the evaluator’s personal experience and knowledge. Nevertheless, this subjective 
information must be translated into quantitative data in order to compare the relative 
importance of vulnerabilities. This will also assist in the implementation of an expert 
system to perform the vulnerability analysis. Location of the target, mission 
requirements, and even the hardware/software used within the target are some of the 
factors that are considered during the course of the evaluation. [Ref. 31: p. 4] A key 
challenge is to determine which of the target components are actually affected by each 
vulnerability. The failure node analysis process will also assist in determining the 
target components that each vulnerability affects. Another key challenge is to 
determine how to evaluate the vulnerabilities affecting each functional area to provide 
an overall vulnerability rating for each area. 

7. Develop model of vulnerability assessment process. This includes a model of the 
target subcomponents compiled to achieve a model of the entire target. Determine the 
variables that impact the system, such as the effect of viruses, technology, geopolitics, 
and economics, see Appendix A. An additional step in this process is an adjustment 
for time; determining how changes in the variables change or impact a target over 
time. This factor is subjective and is determined by the battlefield commander. One 
point that should be mentioned is that the variables will change depending upon 
whether the “war” is considered Command and Control Warfare (cyberwar) or 
Information Warfare (netwar). [Ref. 49: p. 141] 
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8. Derive the incremental analysis. A method that will provide some objectivity 


involves determining how one subcomponent changes with respect to changes in 
another subcomponent. The objectivity results not from relying on the value of 
individual variables, but in examining their interdependence. Most of the 
vulnerability assessments that the author analyzed developed the methodology as if 
the vulnerability existed in a single part of a system. Using incremental analysis 
allows the assessor to account for the response of a system with interdependencies to 
different threats. As one variable changes, the impact of the change is reflected 
throughout the system. To use this method, a number of steps are required. 

• Derive the Vulnerability index . The vulnerability index reflects a relative 
impact that successful exploitation will have on a system. Changing one 
variable will have some measure of an impact on the overall system 
performance and effectiveness. This index will model that impact. 

• Model the target using the detailed description from step 2 above. Include 
identified vulnerabilities from any associated threats and outside influences 
affecting the system. Figure 3 models one subcomponent of a target, allowing 
the user (assessor) to visualize the different variables (i.e., labor, capital, 
outside influences, time, and any vulnerabilities) that affect the target or 
system. Figure 4 is a linear perspective for this same model, which includes a 
subjective importance rating of the particular subcomponent to the overall 
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target. Figure 5 is a model for an entire target, depicting the independence and 
interdependence of the subcomponents. 



Figure 3. Subcomponent Model 


Variables can affect the target at different levels. For instance, outside 
influences could affect the target at either Level 1 or 2, or even both levels. 
The assessor must determine this relationship. 





Effectiveness — Vulnerability Index 





• Determine the Impact of the Vulnerability . Exploiting a particular 

vulnerability may impact the entire system. This value quantifies the level of 
this impact. The actual value is determined by a subjective evaluation of 
factors, as determined by expert analysts and by the user. For example, since 
computers are the backbone of many military systems, exploiting their 
vulnerabilities by inserting a virus into the computer software can have 
potentially serious consequences on the entire military system at little cost to 
the attacker. Table 1 depicts the effect that a virus could have on a system and 
the potential impact this particular virus could have on the overall target. The 
expert or cryptologic/intelligence officer will assign a probability depending 
upon how the virus is predicted to impact the selected target, thereby 
achieving the military objective. Complementary Metal Oxide Semiconductor 
(CMOS) is a battery powered portion of memory that holds the date, time, and 
system setup parameters. The Basic Input/Output System (BIOS) contains all 
of the code required to control computer functions such as the keyboard, 
display screen, disk drives, etc. [Ref. 50] If one of these subsystems is 
infected, no one can use the computer. The Master Boot Record (MBR) is the 
portion of the computer that is accessed to start the operating system. 


Table 1. Vulnerability Impact Assessment [Ref. 51] 



Virus 


Type 

Effect 

impact (assianed 

Boot Infectors 


by decision-maker) 

AntiCMOS (LENART) 

Blanks CMOS/BIOS values. 

.6 (for example) 

AntiEXE (Newbug) 

Overwrites MBR. 

.3 (for example) 

Da' Boys 

Overwrites the DOS 5.0 Boot Sector. 

.7 (for example) 

ExeBug 

Makes small changes to MBR. 
Changes computer's CMOS. 

.2 (for example) 

Form 

Doesn't infect files. 

Moves original boot sector. 

.4 (for example) 
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• Determine the Time-Adiusted Factor . This value represents the amplification 
of the effects of Technology, Geopolitics, and Economic Factors on the target 
based on the time of threat application. Tables 2-4 depict a portion of a 
potential Impact Assessment for Technology, Geopolitics, and Economics. 
Table 5 shows how the battlefield commander would decide the changes in 
imp ortance of Technology, Geopolitics, and Economics over time (from a 
cyberwar (C2W) perspective). The battlefield commander may decide that it 
is more important to attack sooner (in time periods 1 or 2) rather than later (in 
time periods 5 or 6). Therefore, the battlefield commander would assign a 
high number (like .6) to time periods 1 or 2, and a low number (like .1) to time 
periods 5 or 6. Examples of these three tables are contained within Appendix 
A and Tables 2-4. It is important to distinguish between netwar (IW) and 
cyberwar (C2W). Netwar applies to “societal struggles most often associated 
with low intensity conflict by non-state actors, such as terrorists or drug 
cartels. On the other hand, cyberwar refers to “knowledge-related conflict at 
the military level.” [Ref. 49: p. 141] Therefore, the impact of affecting the 
socio-economic balance (which would become a variable in the event of 
netwar) would not be considered if the friendly commander is conducting 
cyberwar. Table 2 lists the various technologies considered important by 
priorities (Priority 1,2, and 3) and the potential effect that these technologies 
can have on current combat capabilities if breakthroughs occur. Table 3 lists 
the effects on the military and society in general (which would affect the 
mentality of the populace) of the different types of governments. Table 4 lists 
the effects of some of the various economic indicators, which are selected on 
the basis of impact on military spending. 
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Table 2. Potential Technology Impact Assessment [Ref. 521 



Technology 


Type 

Priority 1 

Force Protection 

Effect 

Goal 

Impact (assianed 
by decision-maker) 

Active camouflage, 

Makes soldier invisible, 

Invisible 

.7 (for example) 

active thermoelectric 

day or night, to whole 

Soldier 


ribbons,IR sensors, 

range of battlefield 

Image 


microprocessors, 

sensors across 

Avoidance 


enhanced light weight 

electromagnetic 

and 


power sources, heat 

spectrum. 

Signature 



Table 3. Potential Geopolitical Impact Assessment [Ref. 53] 



Geopolitics 


Type 

Effect 

Impact (assigned 

Government 


by decision-maker) 

Democratic 

Free speech, free market economy 

.6 (for example) 

Isolationist Poor economy 

.2 (for example) 

Participative Deterrence and containment, 

.4 (for example) 

(UN) 

sanctions, keep peace 


Communist 

No free speech, money for military 

.7 (for example) 

Socialist 

No free speech, money for military 

.7 (for example) 

Fascist 

No free speech, money for military 

.7 (for example) 

Totalitarian 

No free speech, money for military 

.7 (for example) 

Dictatorship 

No free speech, money for military 

.7 (for example) 

Change in Government 


Coup 

Military enforcement 

.7 (for example) 

Election 

Generally peaceful 

.3 (for example) 

Table 4. 

Potential Economic Impact Assessment [Ref. 54] 


Economics 


Type 

Effect 

Impact (assigned 
by decision-maker) 

Interest Rates 

Adjusts for inflation. 

.3 (for example) 

Value of dollar 

Can indicate inflation. 

.5 (for example) 

Inflation 

Weakens currency’s buying power. 

.7 (for example) 

Industry Prices 

Affects prices on defense contracts. 

.8 (for example) 

Defense Budget 

Determines how much military 
can spend 

.9 (for example) 
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Table 5. Time Adjusted Factor fRef. 55: p. 169] 
Time-Adjusted Impact 


Total Impact = ImpactfTechnology) * Impact(Geopolitics) * lmpact(Economics) 
See Technology, Geopolitics, and Economics Impact Tables 


Time 

Relative Importance 

Total 

Time Weiahted 

Period 

of Time 

x Impact = 

Fraction 


1 0.5 

0.105 

0.0525 


2 0.3 

0.105 

0.0315 


3 0.1 

0.105 

0.0105 


4 0.1 

0.105 

0.0105 


5 0 

0.105 

0 

...n 

Total 

1 


Sum of Row = .105 


Table 5 accounts for the impact of the three aforementioned variables over 
different time periods. This type of analysis allows the battlefield commander 
to judge the effect of either employing C2W or Information Warfare tactics on 
a short term or a relatively long term basis. These equations are very difficult 
if not impossible to complete at the local commands, which is why an expert 
system is necessary. 

• Develop the system mathematically with the inherent interdependencies . For 
example, the vulnerability index is a function of subcomponent 1, 
subcomponent 2, and subcomponent 3, etc.. Once the interdependencies have 
been established, the equations shown below depict how a change impacts the 
other parts of system. This works by first establishing an initial estimate of 
the variable (i.e., Capital, Labor, Vulnerabilities, etc.) and then multiplying 
and changes in that initial estimate with respect to the subcomponent system. 
For example, investing money in a new operating system affects the command 


34 





and control portion of the target, so K will change with respect to its effect on 
the enemy’s command and control system. 

K = Capital 
L = Labor 

T = Time_ Adjusted_ Factor 
F = Outside_ Influences 
V = Vulnerabilities 

X x = Subcomponent _ system_ of _T arg et_ X 
X xx = Subcomponent _of_X x 
X x2 = Other_Subcomponent_of _X x 
E scx = Effectiveness of Subcomponent _1 



Equation 1. Variables affecting the Target X 


Equation 1 defines the target as a function of several variables. The 
subcomponents of Target X x are derived below in Equations 2 and 3, 

quantifying the changes in the variables affecting the two subcomponents of 
the target. Equation 4 derives the incremental analysis for Target X x . 


dX x , dX x . dX x , dX x , dX ,. dX xx 3X xx 

= *^)HT U *^W U *^+(^+^+-^4] 


«u‘ 






^1,1 ^,U <^1,1,2 ^1,1,3 


Equation 2. Incremental Analysis for Subcomponent 1 of the Target X 


*,,2 =[(*12 




) + (A,2 




^1,2 


<3T 1; 


2 cX x2 


+ *^r-) + (F u + 


^1,2 


^ 1,2 ^ 1 , 2,1 ^ 1 , 2,2 ^ 1 , 2,3 


Equation 3. Incremental Analysis for Subcomponent 2 of the Target X 
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A 
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^ Total 

&sa 

dE Total 

3E S C2 

Total 

CE S C3 


E Total ~ KEsa * A) + (ffsc2 * I 2 H — 

Equation 5. Effectiveness of the Threat 


Equation 5 depicts the equation to determine the effectiveness of any changes 
in the variables affecting the Target X . The impact is determined by 
computing the incremental analysis effect of the target X with respect to the 
incremental analysis effect of each individual subcomponent of the target, 

( X x ) or ( E scl ). Equation 6 is the effectiveness of the threat on the entire 

target. This equation is a compilation of Equations 1-5. 
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• Determine the commander’s rating of importance for the subcomponents using 
the Analytical Hierarchy Process (AHP) [Ref. 56: pp. 32-34], see Figures 6-9. 
The AHP forces discipline in structuring the problem and allows the problem 
to be broken down into manageable parts. This process also allows for the 
integration of the various criteria in the decision process and helps identify the 
most important element of the decision. [Ref. 56: p. 34] In this case, AHP will 
establish a prioritized list of vulnerabilities, by asking the battlefield 
commander to choose the more important vulnerabilities from a series of 
vulnerability pairs. By asking the commander a series of “Which is more 
important?” questions, the AHP system can produce a ranked list of 
vulnerabilities respective of the desired outcome, see Figure 7. The 
commander can then perform a “What if?” analysis with the results. 
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Figure 8. AHP Rating Process 
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Figure 9. Sensitivity Analysis Chart 
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The Sensitivity Analysis in Figure 9 can assist the battlefield commander in 
determining the effects of exploiting the different vulnerabilities. By moving 
the current value line either left or right, the best option may change. For 
instance, moving the current value line to the left will show that outcome 2 
becomes the best option based upon the priorities set during the AHP Rating 
Process, as depicted in Figure 8. 

• Multiply the Importance Rating by the results of the incremental changes 
equation to obtain the Vulnerability Index for each subcomponent of the 
target. Then add these values together to obtain the Vulnerability of the 
Target, (E To tai), see Equation 6. This gives a relative value of the integrated 
target vulnerability. For example, after determining the effects of the changes 
on the various parts of the Command and Control system, the Value of the 
vulnerabilities within the Command and Control system is Y. The Importance 
Rating for the C2 system is .8. Therefore, the Vulnerability index for the 
Command and Control system is .8 * Y. After obtaining this value for each 
subcomponent of the target, then add the subcomponent values together to 
obtain the Vulnerability Index for the target. 

8. Risk analysis . 

Risk analysis is the process where the battlefield commander must determine 
how much risk he/she is prepared to take to achieve the objective. To accomplish 
this, several steps must be completed. 

• Identify the risks associated with the application of each possible threat. 

• Correlate the risks with the vulnerabilities. 
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• Use Analytical Hierarchy Process to help the battlefield commander to 

prioritize the risks, much the same as the process for the commander’s rating 
of importance for each subcomponent, see step (f). 

Determine which vulnerabilities have the most impact across the target as a whole 
(performed in the vulnerability analysis step) and the cost information (risk 
exposure) associated with each vulnerability being exploited. The best 
vulnerability to exploit may not have the highest impact because of the risk 
associated with it. The user (or assessor) must determine the most important 
criteria affecting the goal, then break each criteria into subcriteria, see Figure 10. 
Figure 11 depicts the criteria and subcriteria with the desired outcomes. Figure 12 
allows the user (assessor) to determine the relative importance of the criteria and 
subcriteria. Figure 13 is the final product of risk analysis and indicates which 
vulnerability clusters) provide the most favorable balance of impact and cost (risk 
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Figure 13. Sensitivity Analysis Chart 


The user can perform a sensitivity analysis, depicting the effect on risk when 
the commander changes the mix of resources, see Figure 13. By moving the 
current value line to either side, the best option may change. For instance, 
moving the current value line to the left will show that outcome 2 becomes the 
best option based upon the priorities set during the AHP Rating Process, as 
depicted in Figure 12. 

• Determine the probability of mission success. The person performing the 
assessment will determine the probability of the success of each option. To 
achieve this probability, the assessor must determine the probability of the 
threat occurring and the probability of the effect occurring, see Figure 14. 
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P{EIR) = P(EIT)*P{TIR)\ 

Equation 7. Probability of Mission Success 

P(E/T)= Vulnerability Analysis (Probability of the Effect Occurring, given 

the threat) and 

P(T / R)= Risk Analysis (Probability of Threat Occurring, given the 

resources) 


Equation 7 is the equation for determining the Probability of Mission Success. 
The two variables in this equation have already been calculated from Equation 
6 and from the Sensitivity Analysis performed from Figure 13. 


Enemy 

^y P/'P/r'l = Vnln<»r5ihilitv Annlvcie 



Figure 14. Probability of Mission Success Model 





• Feedback loop . Providing feedback into the system improves the quality of 
information contained within the expert system. Therefore, the quality of the 
vulnerability assessments is enhanced as time progresses and as more 
feedback is provided. 

This heuristic helps the user decide which vulnerabilities will have a 
greater impact on the target should exploitation or attack occur. Once the vulnerabilities 
to be exploited/attacked have been decided upon, the battlefield commander can use this 
knowledge to determine the combination of vulnerabilities and assets to use to achieve 
the desired effect. In essence, this heuristic gives the battlefield commander an idea of 
what IW tools to employ with respect to a given foe. As one of the tools of IW, the 
integrated use of the Five Pillars of C2W can now be more effectively incorporated into 
the battlefield planning, thanks to the wise use of Information Technology. 
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IV. EXPERT SYSTEMS FOR INFORMATION WARFARE 


Expert systems must be part of our vision of using a computer at the command 
post to assess the vulnerabilities of the adversary and friendly forces. The information 
content, accuracy, and speed required surpass the abilities of a human being performing 
the same tasks manually. Officer and/or Enlisted personnel at the battle scene may not 
have the depth and breadth of experience of the expert but will now have access to the 
experts’ knowledge. In stressful situations, where personnel are required to respond as 
quickly as possible, expert systems enable the individual to ensure that all avenues are 
covered consistently, leaving no stone unturned (forgive the metaphor). For a more in- 
depth discussion of expert systems, see Appendix B. 


A. EXPERT SYSTEMS FOR VULNERABILITY 
ASSESSMENT/VULNERABILITY ANALYSIS 

The hardware and software required for an expert system is a computer (e.g., a 
PC or TACC-4) inference engine, an integrated database, appropriate software and a 
network interface. Figure 15 depicts the basic layout of an expert system and how the 
different components of the computer connect together. This gives the reader a visual 
representation of how the data will flow through the expert system. However, unless the 
computer is connected to an integrated database that is easily updated (whether it is 
located locally or remote), then the information contained within may not be optimal. 
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Figure 15. Generic Expert System Model 


Without the availability of expert knowledge, decisions will be made based upon 
the information at the local command post or intelligence center (as they are now). The 
advantages of achieving the author’s vision involving expert systems far outweigh the 
costs. Ensuring that all of the known details are included in an analysis enhances the 
decision-making process and thus the chance of success. Often, human beings in 
stressful situations forget details or ignore their own procedures. Expert systems ensure 
that this does not happen. The information is stored in the database, called upon when 
needed, and updated as events occur. The expert system ensures that the information is 
available on demand in a usable form and that decisions are accurate, regardless of the 
stress level. 

The heuristic that the author has developed will be contained within the expert 
system. Experts, designated by central authority (the command so designated by the 
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military branch in charge of the network), or knowledge engineers will enter their 
knowledge into the central database via a global network. The information in the central 
database will be both historical and current and will be divided into topic areas such as 
country, command and control, and/or communications (or other divisions). The selected 
topic areas should conform to most, if not all, situations. However, in the event that a 
situation occurs that does not conform to these divisions, then the user and/or central 
authority must determine the pertinent topic areas. 

The user will have access to the expert system at the command post, whether it is 
sea- or shore-based. The inference engine within an expert system is connected to the 
central database, see Figure 15 (Generic Expert System). The user enters the identified 
vulnerabilities into the expert system. The expert system then reviews the areas 
pertaining to the vulnerabilities, ensuring that all possible aspects of the target have been 
considered. For example, if the user does not include a vulnerability under the command 
and control area, the expert system would query the user to see if he/she had considered 
that particular vulnerability. 

To assist in maintainin g the currency of the information within the database, and 
therefore the effectiveness and credibility of the system, feedback on the validity of the 
information provided by the expert system will be sent to a central location for analysis by 
target specialists. After the objective is attained, the user should compile a lessons 
learned report to include the effectiveness of the rules, information, mission success, 
bomb damage assessment, etc., and submit it to the central authority, (e.g.. Fleet 
Information Warfare Center (FIWC), for the Navy). Target specialists or experts will 
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review the report, evaluate it, and if warranted, modify the information in the central 
database. 

The central authority is the command or organization designated by the military 
branch that owns the expert system network. This organization will basically oversee the 
global network with the ultimate authority and responsibility for the operational and other 
uses of the network. Included among the responsibilities are the determination of the 
identity of the experts and the performance of the maintenance functions of the global 
network, including the central database. 

B. DECISION SUPPORT SYSTEMS FOR RISK ANALYSIS 

Once the expert system has performed the vulnerability assessment, the 
commander must identify the risks associated with exploiting those vulnerabilities. Using 
a Decision Support System, the commander will have a pictorial representation of the 
different options. Sensitivity analysis is also an option to explore different combinations 
of the alternatives. The commander identifies the objective, die threats, vulnerabilities, 
and the desired outcomes. By placing more emphasis on a particular threat and/or 
vulnerability, the commander can influence the amount of risk associated with exploiting 
a particular vulnerability. 

C. EXPERT SYSTEMS AND INTELLIGENT AGENTS FOR TRAINING 

Training is equally as important as the mission. In order to provide a more robust 
system and save money, the same expert used to perform Vulnerability Analysis can also 
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support the training requirements for Information Warfare. This system will therefore 
greatly improve a sailor’s performance. Learning what information has proven useful 
improves the quality of the future analyses and the quality of the information that is both 
input into the database and extracted from the expert system. Using training tools, such 
as expert systems and intelligent agents, to teach the concepts of Information Warfare, the 
“student’s” understanding is assessed. Intelligent agents are a type of artificial 
intelligence software. The agent learns about the student’s knowledge level as he/she 
progresses through the training material and can offer instruction and advice to help the 
student complete the task. [Ref. 57: pp. 97-104] If the student does not appear to fully 
understand the concepts, then the expert system/intelligent agent concentrates on the 
weak areas until the material is fully understood. In addition, many people learn more 
effectively by actually doing; therefore, having personnel actually practice identifying and 
assessing vulnerabilities improves knowledge retention and skills. Pilots have been using 
this method, with great success, for a very long time. Simulation is a great way to 
practice and hone skills at less cost than performing actual drills in an airplane. In havmg 
a dual-purpose system, i.e., meeting mission and training needs (simulation), the sailor 
will gain knowledge of both the required information and the actual computer system that 

will process that information. 


D. EXAMPLE SCENARIO 

To see how the proposed expert system can help in performing the Vulnerability 
Analysis, here is an example of how the expert system will play a part in future conflicts. 
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Nation A is experiencing a plague. Instead of requesting aid from the United 
Nations, Nation A decides to demand unrestricted access to a neighboring nation’s 
(Nation B) medical knowledge and technology. However, because of inhumane practices 
against this same neighboring country (Nation B) and another neighboring country 
(Nation C) in a past war, the United Nations has placed trade sanctions against Nation A. 
Of course, Nation A has absolutely refused to place a request before the Umted Nations 

for assistance. 

Instead, Nation A’s government sends soldiers into Nation B to kidnap the 
president’s wife and children. The soldiers have orders to hold these people until the 
required medical assistance is turned over to the designated representatives of Nation A s 
government, after which the soldiers are supposed to kill the hostages. Nation A has also 
amassed troops along the borders of Nation’s B and C with orders to attack if the medical 
assistance is not delivered posthaste. 

Of course. Nation’s B and C believe that the troops will invade anyway, whether 
or not the medical assistance is delivered. In fact, they believe the reports of plague are 
highly exaggerated. Allies of both nations begin assessing the vulnerabilities of Nation 
A. One fact quickly becomes apparent. Nation A’s militaristic society has poured 

massive amounts of money into it military infrastructure, but has totally ignored medical 
capabilities. The soldiers have been isolated from family and friends to prevent 
contagion, but some soldiers have contacted their families anyway. To date, only two 
soldiers have contracted the dreaded disease. Military leaders feel that force is the only 
way to obtain the necessary medical capability. 


52 


Allied forces are pressured by the United Nations to intervene. Allied sources 
discovered that Nation A’s command and control communications network is highly 
sophisticated and has been operating for several years. Also known to the allied nations 
is that this country bought the system from international businesses, and the manufacturer 
resides and operates within the borders of an allied country. Thus, the allies prevail upon 
the manufacturer to identify any vulnerabilities on this particular system. Other sources 
were also consulted to obtain information regarding potential vulnerabilities of this 
system or similar systems. Previously completed vulnerability assessments completed on 
similar command and control systems have been obtained. 

Following procedures developed some time ago for assessing vulnerabilities, a 
designated sailor performs a vulnerability assessment and risk analysis against Nation A. 
The officer looks at the Nation’s IW attributes and divides it into component parts. For 
example, the officer discovers that the command and control communications network is 
a vital part of Nation A’s military strategy and that the banking industry and the power 
grids are crucial to the country’s social and economic infrastructure. Thus, they are 
vulnerabilities, perhaps even the center of gravity for this nation. The officer then divides 
the command and control communications network, the banking, and the power grid 
networks into their component parts. 

Followin g the procedures contained within the manual given to him by 
headquarters and the expert system described in this paper (that automated those 
procedures), the sailor performing the vulnerability assessment determines that the system 
is vulnerable to attack or exploitation and proceeds to inform his superiors. The senior 
personnel begin developing a battle plan using the integrated use of the Five Pillars of 
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C2W and their knowledge of enemy’s vulnerabilities to achieve their objective, isolating 
Nation A’s leader from his command and control communications, the banking, and the 
power grid network. Other secondary objectives include degrading morale even more. 

The allies decided to drop leaflets and pamphlets over the citizens of Nation A, telling 
them that their leader and several key members of the government were sick and have 
fled the country to obtain medical assistance, leaving the citizens to the mercies of this 
fatal disease. Anti-radiation bombs are dropped over the capital city, denying the enemy 
the use of his command and control communications, banking, power grid network, a 
tactic that had been successful in a previous conflict. Computer viruses are transmitted 
over the internet to the main computer in the networks to ensure malfunction. Without 
communications, money and electricity, the inhabitants of Nation A surrender within 24 
hours. Allied forces achieve their objective and the Red Cross enters the beleaguered 
country to deliver medical assistance, with minimal exposure of friendly forces to risk. 

The example scenario above depicts how the heuristic in this paper can be used to 
develop a vulnerability assessment. To take this subject a step further, expert systems can 
apply this methodology much faster than humans can. In fact, expert systems lend 
themselves very easily to this procedural process. Automating this process can result in 
greater increases in efficiency and effectiveness, since expert systems can compute faster 
than h umans and can ensure that important details are not overlooked. 

Vulnerability assessments are not the only area of Information Warfare that will 
realize a benefit. Training can realize equal benefits. Equipping personnel with the 
knowledge and training necessary to perform duties to the best of their abilities is the job 
of today’s leaders. In the civilian sector, expert systems are proving to be more effective 
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in computer-based training than many other methods, even classroom instruction. Being 
able to assess an individual’s understanding of the fundamental concepts is a gigantic leap 
over today’s training methods. 

Imagine using expert systems not only to learn IW concepts, but also to apply 
them. Also imagine expert systems assisting in the decision-making process while 
assessing an adversary’s vulnerabilities. For Information Warfare, the benefits that will 
accrue quickly in the quality of work, efficiency and effectiveness of personnel are 
substantial, especially if feedback on lessons learned are incorporated into the expert 
systems. 
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V. IMPLEMENTATION ISSUES 


Issues concerning the current technology, system requirements, and migration 
path are all critical to the successful implementation of any system. Is the current 
technology level sufficient to support the proposed plan? What are some of the system 
requirements to support this proposed plan? How does the military move from the design 
phase of the proposed system to the implementation of it? In the case of this research, the 
proposed plan is the implementation of a global network of expert systems supporting a 
centralized database, which in turn feeds information into an expert system being used at 
a command post. These questions and issues must be resolved before actual 
imp lementation in order to realize the full benefit of the system. 


A. CURRENTTECHNOLOGY 

The current technology level of the Navy is sufficient to support the 
implementation of a global network of expert systems. Existing expert systems, using 
more advanced technology than this proposed system, are prevalent in today’s 
technologically advanced society. Appendix A discusses the wide variety of uses for 
which industry and the federal government employ expert systems. The United States 
military, mainly the Army, currently uses expert systems for a variety of purposes. 
Applications of these systems range from managing personnel matters at the Army’s 
Personnel Command to the diagnosis of patients in the Medical Field to assisting senior 
officers in making decisions using Executive Decision Aids. The Army has invested a 
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large amount of money in researching and using expert systems. Perhaps the most 
pro mising area is in Maintenance. Army mechanics are responsible for a multitude of 
equipment. Since training personnel requires a huge outlay of resources, investing in 
expert systems can potentially realize cost savings in terms of decreased downtime for 
equipment, manpower costs, and training. Fault isolation is a big issue in the 
maintenance arena. A mechanic who is attempting to repair an unfamiliar piece of 
equipment consults the expert system. The expert system helps the mechanic identify the 
fault and gives the mechanic instructions on how to repair it. [Ref. 60: p. 63] The 
similarity between performing fault isolation analysis in maintenance and failure node 
analysis in Information Warfare/Vulnerability Analysis is striking. As a fault isolation 
routine decomposes a complicated mechanism to identify a fault, failure node analysis 
decomposes an enemy’s force structure to isolate a critical vulnerability. 

Another area in which expert systems are helping the Army is in Command and 
Control. Project Eagle is one of the Army’s largest expert system projects. It is intended 
to be used as a “combat development tool for studying corps and division-level force 
effectiveness issues.” [Ref. 59: p. 20] Basically Project Eagle analyzes the force structure 
effectiveness as it relates to the different systems such as command and control, weapons, 
and doctrine. In the Information Warfare/Vulnerability Analysis arena, a system like this 
can develop a decomposition of the enemy’s forces and help identify the vulnerabilities. 

From a tr ainin g perspective, current technology has reached the point where 
advisory agents and expert systems can assess a student’s level of understanding. This 
type of “insight” can help the teacher (human or computer) focus on areas that will 
increase the student’s understanding and ultimately, the student’s knowledge of the 
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subject. [Ref. 57: pp. 97-104] Using this kind of “intelligent” software can help sailors 
learn the fundamental concepts and uses of Information Warfare, and ultimately, how to 
perform Vulnerability Analyses. Additionally, simulators and expert systems have great 
potential in Information Warfare. Besides performing the operational mission, expert 
systems and simulators can teach the concepts of Information Warfare both from a 
theoretical and practical point of view. Whether in training or in an exercise to determine 
the potential outcome of different strategies, expert systems and simulators will be 
invaluable to the battlefield commander. As Vice Admiral Arthur K. Cebrowski stated, 

“The military commander needs a real or near-real-time picture of the 
battlefield, and must be able to sort through hundreds or even thousands 
ofscenarios, predict their outcome, and choose a course of action. At the 
same time, commanders must have the ability to distort the enemy’s 
knowledge. ” [Ref. 60: p. 71] 

Simulators and expert systems together can provide the battlefield commander and his 
staff with the opportunity to develop the appropriate courses of action in response to a 
given stimulus during non crisis times. 

Thanks to military and civilian research efforts, the United States has achieved a 
high level of technology, which is certainly sufficient to support the vision of a global 
network of expert systems. As we speak, researchers are pursuing more advanced 
technology and uses for expert systems. With the wide variety of expert systems being 
used for military and civilian purposes and the subsequent positive results, more people 
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will realize the benefits to be accrued from capturing an expert’s knowledge and using 
that knowledge to achieve the end goal, i.e., in a Information Warfare sense, exploiting an 
enemy’s weaknesses. 


B. SYSTEM REQUIREMENTS 



Figure 16. Global Network of Expert Systems 


To support the dual requirements of expert system proposed in preceding chapters 
and depicted in Figure 16, (i.e., performing Vulnerability Analyses and training sailors to 
conduct them), the system requirements for an expert system are listed below. Speed of 
processing is a major consideration. Decisions must be made quickly; therefore, the 
processing speed must be faster than would be acceptable in an non-mission system. 
Also, non-proprietary hardware should be used to the maximum extent possible, which 


60 







will provide for more effective use of onboard maintenance resources. The requirements 


for the workstation are as follows: 

Hardware - Workstation 

• PC connection or TACC-4 connection to inference engine using windows-like 
graphical user interface (GUI) 

• Support SVGA with resolution of 1024 x 768 

• 2 GB hard disk capacity 

• 32 MB RAM 

• Pentium processor/200 MHz speed 

• Local bus video 

• Multi-media capability including Sound Card, Speakers, Digitized Voice, and 
Motion Video 

• 6X-speed CD-ROM drive 

• System must be “ruggedized” (portable) 

• Non-proprietary hardware, replaceable by local shipboard computer parts 
inventory 

• Backup capability (tape or zip drives) 

• Uninterruptible Power Supply (UPS) 

Hardware - Server 

• Wide bandwidth capability to global network 
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• 128 MB RAM 

• Large hard drive capability 

• UPS 

• Multiple drives 

• Client-server software architecture 

• Multi-processing capable 

Software 

• PC-based operating system 

• Provide the decision-maker with enough quality information to make a single 
decision. Processing time for a single answer within 10-15 minutes. 

• User-friendly Graphical User Interface (GUI), easy to understand presentation 
of data 

• Step-by-step decision-making process for the user 

• Allows forward-chaining, backward-chaining rules, object hierarchies, and 
LISP capable code 

These requirements should result in an efficient, robust expert system, which can double 
as a training station. Therefore, instead of being used for performing only Vulnerability 
Analyses, the sailors can also train for Information Warfare. Realistic exercise scenarios 
could be used for training and/or educating the troops on Information Warfare. 
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C. MIGRATION PLAN 


Before proceeding with a migration plan to develop and introduce the global 
network of expert systems, the military must decide what skills are necessaiy to support 
the operational use and maintenance of the system. Therefore, identifying the Core 
Competencies/Educational Skills Requirements is critical. The author’s vision of the 
expert system performing Vulnerability Analyses for Information Warfare encompasses 
three areas: Information Warfare, Computer Science, and Information Technology. For 
the Naval Postgraduate School curricula, curriculum sponsors develop Educational Skills 
Requirements considered necessaiy for officers to operate in the increasingly complex 
technological world of today and tomorrow. These skills will help in realizing the vision 
of the expert system network by teaching military officers the basic knowledge required 
to operate and maintain such a network. The Educational Skills Requirements for 
Information Warfare, Information Technology, and Computer Science, listed in Appendix 
C, are the areas deemed necessary for the current and future success of a global network 
of expert systems. 

These Educational Skills Requirements cover a broad area of knowledge that will 
support and maintain the operational use of the expert system network. The officer must 
understand the requirements of the battlefield commanders pertaining to Information 
Warfare and how to best employ technology to achieve the objective. Also, with more 
and more military systems becoming increasingly dependent on automation, 
understanding how the networks and computer systems interoperate is a necessity. As 
these requirements apply to the officers attending the Naval Postgraduate School, 
comparable requirements should be developed for the officers at the other military 
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graduate level educational institutions and for the technicians who will ultimately perform 
the myriad tasks involved in the use and upkeep of a system. The proposed expert system 
and simulation software will enable personnel to practice and apply the theoretical 
concepts and skills learned from the study of Information Warfare, Computer Science, 
and Information Technology. Establishing the criteria for training personnel is one of the 
first steps in planning for the implementation of a system. 

Another area of concern in the migration plan is the delivery path of the core 
information. The operational information must be delivered and updated via the global 
network to each of the local commands because of the time sensitive nature of such 
information. However, a security concern such as interception or misrouting of the signal 
could give the enemy invaluable information about our Information Warfare training 
efforts. This concern might prohibit this transmission option for delivering the training 
inf ormation. Another method of delivery of the information which should be considered 
includes CD-ROMs. Using read-write CDs allows the local commands to develop more 
tim e-sensitive scenarios. If used on a wide basis, this storage medium would be the most 
cost effective means of delivering and storing training information. After the break-even 
point in creating the CD-ROMS, the cost of each successive CD-ROM rapidly decreases. 

Security is another consideration. This option manifests itself in administrative 
concerns for classified storage and accountability issues, but the infrastructure supporting 
this classified delivery method of updates is already in place, i.e., by Sensitive Classified 
Information (SCI) channels. CD-ROMs may be mailed via secure mail to the local 
commands. Even with the administrative concerns, this method will work well for 
training, thereby leaving the transmission path free for operational use. 
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The maintenance necessary for the installation and upkeep for the proposed 
system can be provided by the current infrastructure. With minimal specific training on 
the expert system, the maintenance personnel could maintain the proposed system with 
relatively little effort. Some proprietary replacement parts will need to be placed in 
inventory, but as stated earlier, every effort will be made to design the envisioned expert 
system using non-proprietary equipment. 

The key to a successful implementation of a system is to motivate people to 
actually use the system. Simulators not only give practical hands-on training to 
personnel, they can also make the learning process fun. With visually appealing screens 
and scenarios that have real world implications, personnel will be enticed to practice on 
the simulator. This practice not only provides the battlefield commander with trained 
personnel who have good situational awareness, but also with trained personnel who are 
intimately familiar with the expert system. 

Resolving the issues surrounding implementation of a system in an expeditious 
manner can lay the groundwork for the successful use and good credibility of die system. 
Although the three areas addressed above are the primary issues during the 
implementation process, other smaller issues will arise during the actual implementation. 
The current technology is sufficient for both current and future use. Researchers are 
making great strides in the field of expert systems, and continued research should be 
encouraged and supported. The Educational Skills Requirements shape the future of 
Information Warfare, Computer Science, and Information Technology by determining 
what skills officers will need to solve future problems. As noted earlier, knowledge of 
expert systems and decision support systems has already been deemed necessary for 
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officers to learn. With the increased use of these systems throughout industry and 
government, knowledge of the capabilities of these systems become more and more 
imp ortant for Inf ormation Warfare officers. Finally, identifying and resolving the issues 
surrounding the implementation of an expert system network can assist in achieving a 
system that is highly credible and operationally useful. Planning and foresight in 
addressing the numerous issues involved in implementing a system can help in achieving 
a smooth migration plan and successful implementation. In short, keeping in mind the 
benefits to be realized from a global network of expert systems, the author believes that 
this vision can and should be achieved. 
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Vi. CONCLUSIONS 


A heuristic for conducting Vulnerability Assessments is invaluable for capturing 

who do not have the expert's depth and breadth of professional expertise can benefitfto 
the series of steps contained in the heuristic presented in this thesis. Sinceaheur, ^ 

essentially a series of sequential procedures, ■« easily — -«• * 

integrated expert system and decision supper, system. An opportunity or e nn 

few examples of these systems performing Vulnerability Analyses abound. The Unit 

States Army is using expert systems to perform battlefield disposition and force 

i 'o The design of this network must 
composition requirements but not Vulnerability Analysis. The design 

. information on a global scale using 
also include a requirement for providing access to information 

central database. The technology is available now and is making advan ry 

vision of a global network of integrated expert systems and decision support syste 

attainable and can be successfully implemented and operated. 

the information to be maintained and updated on a periodic basis throughout the day. 

To provide for a more robust system, paining should be conducted using the sam 

expert system. With tile Educational Skill Requirements (see Append* C) y 
determined, the echelon command must develop the training pian to hone those skitis. 

Hava, Postgraduate School as well as other educational institutions have develope 

curricula to satisfy the Educational Skills Requirements. Follow-on tiaunng a, e 

• t in fme-tuning those skills. By providing 
command level using tire expert system can asstst m fine tuning 


training using intelligent agents with the expert system and modeling and/or simulation 
techniques, officers and enlisted alike will be able to obtain and/or hone their knowledge of 
Information Warfare concepts and increase their knowledge with a practical application of 
those concepts. Using the same expert system and decision support system that conducts 
the Vulnerability Assessments provides a dual benefit of system familiarization for the 
users and more efficient use of resources for mission and training requirements. 

By using the expert system and decision support system, the subsequent 
imp rovement in quality and timely receipt of information will help the battlefield 
commanders to take decisive action with the most accurate information possible in this 
technologically advanced society. Not only will the operational information be enhanced, 
but the tr aining information will be more up-to-date and pertinent to the current mission. 

In short, due to the benefits to be gained from the implementation of a global network of 
expert systems, further research should be strongly encouraged and sponsored. 

The heuristic contained within this thesis holds true for Vulnerability Assessments 
conducted on a wide variety of targets, ranging from cruise missiles to satellite systems. 
Although developed mainly from an offensive point of view, the heuristic also holds true 
for defensive operations. For further reading on a Vulnerability Assessment conducted 
from a defensive point of view, consult Charles Dunlap’s “How We Lost the High-Tech 
War of2007.” [Ref. 61: p. 22] 
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A. LESSONS LEARNED 

The author encountered only a few problems during the course of the thesis 
process. The greatest challenge involved locating personnel who have actually conducted 
Vulnerability Assessments. Extracting a heuristic from a body of literature is a starting 
point, but interviews with personnel experienced in Information Warfare is necessary to 
validate the process and discover anomalies. Another problem encountered involved 
selecting a presentation format for the wealth of vulnerability data. For example, some 
people work better with graphs and charts, while others work better with text. The author 
used a combination of both graphs and text in developing the Vulnerability Assessment 
procedure. 

During the course of the whole thesis process, the author discovered a few 
“lessons” that might prove beneficial to others. These lessons include: 

• Periodically reevaluate the thesis outline. This outline is the basis for the 
whole thesis, and it changes as the research progresses. Otherwise, the student 
will research on subjects that will later prove to be useless in writing the thesis. 

• Developing good sources early in the thesis process is a necessity. The DTIC 
database provided invaluable documents on previous Vulnerability 
Assessments. 

• Find another student that is willing to read the thesis while it is being written for 
grammar, spelling, and clarity. This allows the thesis advisor to spend more 
time on content (intellectual contribution). 
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B. RECOMMENDATIONS FOR FUTURE RESEARCH 

With the possibility of using expert and decision support systems to conduct 
Vulnerability Assessments explored, other areas become available for research. The 
impact tables contained in Appendix A contain information provided from a cursory 
examination of literature. To fully determine what variables in today’s society actually 
imp act the enemy and how much effect the variable will have on the enemy, further 
research is necessary and encouraged. 

Another potential area for further research is in performing a decomposition of 
enemy forces and failure node analysis. Developing a heuristic for these processes is also 
necessary to help non-experts determine the effects of exploiting an enemy or friendly 
forces’ vulnerabilities. 

Developing the requirements for a global network of expert systems and the 
resulting architecture is yet another area in which research should delve. For the whole 
vision of a group of experts updating a central database to work, the architecture, the 
requirements, and a feasibility study should be completed. 

A fourth area ripe for more in-depth research is developing a prototype expert 
system to conduct the Vulnerability Assessment. Once a prototype is available, people will 
be able to see and experience the value of allowing an expert system to conduct the 
Vulnerability Assessment. Further research is all of these areas is a must. 
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APPENDIX A. IMPACT ASSESSMENT TABLES [Ref. 51] 

Virus 


Type Virus 


Boot Infectors 


Virus Name Virus Effect Virus Impact 

(assigned by 
decision-maker) 

AntiCMOS (Lenart) Blanks CMOS/BIOS values. 

AntiEXE (Newbug) Overwrites MBR. 

Da' Boys Overwrites the DOS 5.0 Boot Sector. 

ExeBug Makes small changes to MBR. Changes 

computer's CMOS. 

Form Memory resident Does not infect files. 

Moves original boot sector. 

Joshi Memory resident. No damage to system. 

Leandro and Kelly Memory resident. Changes MBR. 

LeHigh InfectsCOMMAND.COM. Causes denial of 

service. 


Michelangelo 

Monkey 

No_Int 

NYB (alias Bl) 
Ripper 

Sampo 


StealthC 

Stoned 

V-Sign 


WelcomB 


Reformats hard drive on March 6 

Encrypts the Partition table. Memory 

Memory resident stealth virus. 

Memory resident stealth virus. 

Encrypting, memory resident stealth virus. 
Relocates original boot sector and infects 

Memory resident. Works with Kampana to 
infect floppy disks. Does not corrupt saved 
files on system. 

Memory resident stealth virus. Moves 
original boot sector. 

Causes damage to directories or File 
Allocation Table. Moves original boot 

Memory resident. Polymorphic. Problems 
booting system and accessing hard/floppy 
drives. 

Memory resident stealth virus. Redirects 
calls to original MBR. 
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Type Virus 


File Infectors 


Multi-Partite (both 
Boot and File 
Infectors) 


Virus Name 


Cascade 


Die Hard 2 


Haifa 


LittleRed.A 


Predator 


Junkie 


Natas 


One Half 


Virus Effect Virus Impact 

(assigned by 
decision-maker) 

Memory resident, parasitic, encrypting 
virus. Targets .COM files. Characters on 
screen fall down into a heap on the bottom 

Symbiotic, memory resident that uses 
stealth techniques. Infects .COM and .EXE 

Memory resident, parasitic, encrypting 
virus. Infects .COM and .EXE files. 

Attaches to .ASM, .DOC, .PAS, and .TXT 
files in benign fashion. 

Parasitic, stealth, memory resident virus. 

Infects COMMAND.COM. Targets .COM 
and .EXE files. 

Parasitic, stealth, memory resident virus. 

Infects .COM files. Destructive. Randomly 
alters bytes in read buffers. 

Memory resident, encrypting virus. Targets 
.COM files, DOS boot sector on floppies, 
and MBR. 

Memory resident stealth virus. Infects 
system hard disk's MBR, diskette Boot 
Sectors, .COM, .EXE, and overlay files. 

Memory resident, enciypting virus. Targets 
.COM files, DOS boot sector on floppies, 
and MBR (sector containing partition table). 
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Technology [Ref. 52] 


Technology Type Priority 


Technology Effect 


Related Impact 

Technologies (assigned by 

decision-maker) 


Invisible Soldier Priority 1 Force 

Image Avoidance Protection 

and Signature 
Reduction 


Mine, Booby Trap & 
Explosives Detection 
and Neutralization 


Tactical Detection Priority 1 Force 

Weapons of Mass Enhancements 

Destruction (WMD) 


Advance Night Vision 
(NV) Equipment 


Makes soldier invisible Active camouflage 
day or night, to whole technology, active 
range of battlefield thermoelectric ribbons, 
sensors across IR sensors, 

electromagnetic microprocessors, 

enhanced light weight 
power sources, heat 
dissipation, and radar 
absorptive materials. 


Protect personnel, Robotics, unmanned 
equipment, facilities vehicles, fiber optics, 
and vehicles by display devices, air 

detecting and neutra- sampling, chemical 
lizing explosives from trace detection, 
a distance, without imaging technology 
to enter danger areas capable of seeing 
where detection and through structures, 
simultaneous explosion magnetic, IR, acoustic 

are unacceptable. and radar anomaly 
detection. 


Stand-off means for Nuclear radiation 

small tactical units detection, air sampling, 

operating in IR and radar 

non-permissive photography. 

environments to detect 

location or assembly of 

nuclear weapons and 

chemical/biological 

agents to be used as 

weapons. 


Provide military Light-weight power 

forces/law enforce- sources, solar batteries 

ment with long-range and charging systems, 
night vision equipment optics, IR, lasers, and 
allowing exploitation light amplification, 
of full range weapons 
systems and equipment. 

Includes equipment for 
snipers and crews of 
aircraft, vehicles, and 
crew-served weapons. 
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Technology Type Priority Technology Effect Related Impact 

Technologies (assigned by 

decision-maker) 

Mission Kill (Area and Precision or area Non-nuclear EMP, 

Point) weapons systems that directed energy 

will prevent enemy weapons, lasers, 

from carrying out high-power microwave, 

intended mission by infra sounds, isotropic 

disabling person, radiators, calmative 

equipment, or weapon agents, and carbon fiber 

with minimal or no conductors, 

collateral damage or 
casualties. 

Non-lethal Weapons Temporary Directed, variable 

neutralization of enemy strength energy 

with no long-term weapons, non-lethal 

debilitating effects and gases, acoustic 

minimum casualties, research, non-nuclear 

Lasts at least 5 min. EMP, super caustics. 

Used in crowds with aerosol nets, adhesives, 

combatants/non- lubricants, aerosol dyes, 

combatants. Delivery intense light (strobe 

via guided weapons, flash), and irritants, 

light, sound, gases, 
or aerosols. 

Low-Signature Priority 1 Command, Not necessarily Low- or non-reflective 

Unmanned Aerial Control, transparent to radar materials. 

Vehicles (UAV) Communications, electromagnetic propulsion systems. 

Computers, and spectrum, but has noise abatement 

Intelligence (C4I) reduced visual, audio technologies, aircraft 

and electromagnetic and glider construction, 

characteristics that will battery technology, 

reduce probability of solar power 

detection and attack, technology, and 

advanced camouflage. 

Common Language Translates English Speech recognition. 

Voice Recognition language voice speech understanding, 

conversation into speech synthesis, 

foreign language voice speech-to-speech 

(and vice-versa). translation, and 

Developed on basis of dialogue management, 

likelihood of U.S. 
involvement in areas 
where languages are 
spoken. 
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Technology Type 


Reduced Visibility 
Penetrator Aircraft 


Anti-Mortar (Light 
Indirect Fire) 
Capability 


Extremities Protection 


Anti-sniper System 


Priority 


Priority 1 Force 
Projection & 
Sustainment 


Priority 2 Force 
Protection 


Technology Effect Related Impact 

Technologies (assigned by 

decision-maker) 

Application of reduced Absorptive materials, 
visual and radar visi- noise abatement 
bility and reduced technologies, quiet 
sound technologies to rotor blades, propulsion 
penetrator aircraft that systems, and radar 
insert/retrieve troops non-reflective 
and equipment in 
denied areas. Present 
minimal or no signature. 

Provides for detection RF detection devices, 
and precise location of radar, acoustic sensors, 
hostile indirect fire high-speed computers, 
weapons (principally and airborne (UAV) 
mortars) in time to sensors, 
warn friendly forces 
and engage weapon 
with precision weapons. 

Optimally include 
capability of 
neutralizing rounds 
before impact. 


Develop individual 
protective armor for 
human body 
extremities coupled 
with existing body 
armor to protect 
soldier from injuries 
(shell fragments, small- 
arms fire) while allowing 
full mobility without 
degradation of combat 
capability. 


Body armor 
development, 
camouflage technology, 
textiles, multi-spectral 
camouflage, heat 
venting and transfer. 


Immediately identify Acoustic sensors, IR 


source/nature of 
small-arms fire 
at friendly target and 
immediately direct 
lethal or non-lethal 
weapons or passive 
sensory devices to 
source. Mounted on 
vehicles, helicopters, 
on buildings, on ground, 
or hand-carried. 


sensors, 

microprocessors, laser 
target designators, and 
aim point designators. 
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Technology Type 


Detection and 
Destruction of 


Non-intrusive Drug 
Detection 


Room Monitor 


Chemical/Biological 
Expert System 


Priority 


Priority 2 Force 
Enhancements 


Priority 2 C4I 


Technology Effect Related Impact 

Technologies (assigned by 

decision-maker) 


Detect, identify, and 
characterize 
underground 
tunnels/cavities of 
significant size in 
permissive/denied 
areas for size, depth, 
use and estimated 
protective hardness. 
Map/locate vulnerable 
points (entrances/ 
vents) with precision 
(100-500 ft). 


Radar technology, 
seismology, solid state 
imaging arrays, acoustic 
sensor technology, 
digital signal 
processing, image 
processing, ultra wide 
band, high-power signal 
generations, Geology, 
mining, and magnetic 
anomaly detection. 


Identify presence of Radar, chemical 
illicit drugs, (primarily spectrum analysis, 
cocaine and heroin) in gaseous and nuclear 
various preparatory diffusion analysis, and 
and final states, with- air sampling 
out being in proximity, technologies. 

Monitor activities Radar, IR, heat, metal, 
occurring in a room and movement 
without accessing detection, power 
room's outer walls or technologies, 
room proper to photography, 

emplace devices or micro-seismic 
sensors. Operates from 
stand-off distance. 

Transportable and 
operable from light 
vehicle or person. 

Multiple power sources. 


Immediately identify 
chemical/biological 
agent encountered. 
Provides critical 
information on agent's 
identity, immediate 
protective measures, 
appropriate antidotes, 
and handling 
instructions. 


Database technology, 
chemical/biological 
weapons/detection, data 
transmission, micro 
processing, artificial 
intelligence, automated 
analysis, low 
probability of 
detection 
communications. 
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Technology Type Priority 


Virtual Reality Modeling 
and Simulations for 
Training, Planning and 
Rehearsals 


Technology Effect Related Impact 

Technologies (assigned by 

decision-maker) 

Project variety of Computer graphics, 

realistic OOTW modeling, and 

operational simulations, 

environments. Ranges 
from projection of 
information in great 
detail (micro¬ 
environments faced 
by individuals/small 
units) to complex 
environments. 


Survival Tag Priority 2 Force 

and Tracking System Projection & 
Sustainment 


Combat Search and 
Rescue (CSAR) 
Command and Control 
(C2) System 


Biological-Medical Priority 3 Force 
Treatment Capability Protection 


Permits remote 
tracking of individuals, 
vehicles, or equip¬ 
ment. Undetectable 
to captors. Provides 
positive location and 
readable from high- 
altitude aircraft or 
satellites and from 
hand-carried monitors 
(3-5 km). 


Global Positioning 
System, space-based 
positioning tracking 
system, 

microprocessors, 
biochemical tracers, 
mini-power sources, 
and electronic tags. 


Tagging system or 
emergency 
communications 
system for downed 
pilots, special opera¬ 
tions forces, or other 
military personnel at 
high risk of capture. 
Provides immediate 
and precise location, 
security status, and 
physical condition. 


Global Positioning 
System, data 
processing, secure 
communications, 
world-wide 
telecommunications 


Remotely monitor 
soldier's health 
(location/extent of 
injuries). Provide 
remote 

treatment/sustain life 
support during 
evacuation and expert 
medical assist from 
CONUS. Train 
surgeons on battlefield 


Remote sensing and 
monitoring, 
geolocation and 
positioning, robotics 
and tele-presence, 
virtual reality and 
computer simulation, 
broad bandwidth 
communications, and 
high-performance 
computing and 
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Technology Type Priority 


Biological-Medical 
Treatment Capability 
cont. 


Technology Effect Related Impact 

Technologies (assigned by 

decision-maker) 

casualties with communications, 

advanced simulation 
and virtual reality 
models. 


Stand-off Precision Priority 3 Force Person-portable Laser designation. 

Breaching Weapons Enhancements weapons to penetrate rocketry, EMP, 

(Squad/Team) walls/bunkers. explosives technology, 

Accuracy to within and radar. 

1 meter square from 
beyond 500 meters. 

Future improvements 
include optically aided 
eyesight and implanted 
sensors/designators. 


Stand-off 
Neutralization of 
Weapons of Mass 

See-through Priority 3 C4I 

Capability for 
Buildings and 
Structures 


Ability to render Bacteriology, 

WMD unusable or chemistry, rocketry, 

ineffective from a nuclear physics, and 

distance. high-voltage 

Determine content and X-ray and millimeter 
positioning of people, wavelength, 

furniture, and equipment 
in structures without 
penetration or access to 
walls, roofs, etc. 

Optimally, real-time 
video of persons and 
items inside building. 


Strategic/Discriminating Emplaced by air, Multi-media sensors, 

Remote Sensors artillery, or ground. long-life power sources. 

Interchangeable LPI, spread spectrum 

sensors used in (Morse) comms, 

multiple configur- interactive display 

ations. Includes IR consoles (receive, 

imagery, seismic, record, direct sensor 

audio, electronic activity, multi-spectral 

emission, compressed camouflage 

imaging, low-light TV, (concealment), and 
neutron and other space-based or airborne 

nuclear detection communications relay, 

system. 


Universal Priority 3 Force Individual power source Batteries, 

Long-Life/Light- Projection & to provide power to miniaturization, solar 

Weight Power Sustainment various types of power (chemical photo 

equipment (radios, voltaic), electrical 
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Technology Type Priority 


Universal 
Long-Life/Light- 
Weight Power 
cont. 


Strategic Airlift 


Floating Sea Base 
Capability 


Technology Effect Related Impact 

Technologies (assigned by 

decision-maker) 


position/navigation, generation, electrical 
mini-computer) within insulation, and human 
wide range of terrain engineering and 
and climatic medical, 
conditions. 


All-weather, low-cost 
strategic airlift 
platforms requiring 
minimum fixed- 
forward, 
based to rapidly 
transport multi¬ 
purpose vehicles. 


Composite tech, STOL, 
heavy-lift/specially 
designed helos, aerial 
refueling, 

navigation/defensive 
electronic equip, serial 
port tech, radar, IR, 
night vision, 
satellite/other comms, 
navig/posit devices 
locating devices, 
aerial/land/sea sensor. 


Receives intra-theater 
airlift sealift. Tailored 
for specific operations 
to preclude/minimize 
US presence on-shore. 
Sustain all-weather 
support of on-shore 
operations, receive 
replenishment by 
air/sea. Relocatable 
within 90 days. 


STOL, heavy-lift 
rotary/fixed wing 
aircraft, Sea Delivery 
Vehicle, deep 
submersible recovery 
vehicles, 

amphibious/maritime 
tech (incl. offshore 
habitats/hydrospace 
platforms), materiel 
handling, load- 
master simulation 
model 
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Geopolitics [Ref. 53] 


Action 

Type 

Government 

Democratic 


Democratic Isolationist 


Democratic Participative 
(United Nations) 


Communist 


Socialist 


Fascist 


Totalitarian 


Dictatorship 

Change in 

Coup 

Government 

Election (popular support) 

Climate 

War (Mission of troops) 


Peace 


Expansion of NATO 


Effect Impact (assigned by 

decision-maker) 

Free speech, free market 
economy 

Poor economy 

Deterrence and containment, 
sanctions, keep peace 

No free speech, money on 
military power 

No free speech, money on 
military power 

No free speech, money on 
military power 

No free speech, money on 
military power 

No free speech, money on 
military power 

Military enforcement 

Generally peaceful 

Destroy/Neutralize enemy 

Peacekeepers/Peacemakers 

International community take 
action or impose peace 
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Economics [Ref. 54] 


Type 

Effect 

Interest Rates 

Adjusts for inflation. 

Shrinking Deficit 

Spending cuts (Defense). 

Value of dollar 

Can indicate inflation. 

Inflation 

Weakens currency's buying 

Industry Prices 

Affects prices on defense 

Imports 

Can affect prices on equipment 
parts included in Defense budget. 


Impact (assigned by 
decision-maker) 
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APPENDIX B. EXPERT SYSTEMS 


This appendix contains a brief discussion on expert systems. Included in the 
discussion is the definition, the components, and the value added of expert systems. Also 
included are examples of how this technology is being used in the civilian sector. 

The field of expert systems, in particular, deals with modeling the knowledge of 
experts. An expert system is a group of rules that outline a reasoning process which can 
draw deductions, producing new information, and modifying rules if necessary. [Ref. 62: 
p. 68] Basically, the knowledge consists of facts and heuristics. The “facts” constitutes a 
body of information that is widely shared and publicly available from experts in the field. 
The “heuristics” are mostly private rules of good judgment that are characteristic of the 
decision-making process of experts. [Ref. 63: p. 5] With expert systems, the computer is 
programmed with a group of rules in such a way that it can draw deductions or provide an 
outcome based upon a given set of circumstances. The expert system works using the 
basic components contained in Figure 17. 
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Figure 17. Expert System Components 


An Inference Engine integrates the input data, the goals specified by the user, and 
information from the standard database with the expert knowledge contained within the 
knowledge base. A person can see that this technology may be applied in two different 
ways. The first way is to provide decision support, reminding the expert of options he or 
she may have forgotten. The other application is in decision-making, so that in the 
absence of a scarce resource (i.e., an expert), a less qualified or even unqualified person 
can make a decision beyond his or her level of expertise. [Ref. 64: p. 1] 

The primary goal of an expert system is to improve the quality of decision¬ 
making. The computer can accomplish this goal by performing some of the complex or 
laborious tasks usually done by people. The time-consuming and sometimes tedious job 
of scheduling work on a manufacturing plant floor, analyzing business trends, or even 
diagnosing an illness are some examples of tasks that expert systems are currently 
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handling in several civilian industrial fields. In short, by taking the knowledge of an 
expert in a given field and encapsulating that knowledge as a group of facts and heuristics 
for the computer, less experienced people can invoke the same level of knowledge as an 
expert. 

An organization would use expert system technology in cases where human 
experts are in high demand and short supply. Expert systems provide a measure of 
permanence and can repeat mundane decisions faithfully, allowing the human being to 
focus on his/her strong points - spontaneous thought or adding to the knowledge base. 
Once this knowledge is in the memory banks, the computer does not forget and can 
actually “learn” from the new information. Therefore, reproducibility is another key 
advantage. Also, computers are not as expensive as training human experts, since the 
computer cannot “walk” out the door once the knowledge is learned. The third factor is 
consistency, whereby similar transactions are handled in the same manner. Permanent 
documentation of the decision process is the fourth factor. Depth is the last benefit. 
Combining the knowledge of many experts provides more depth of knowledge than one 
person could ever hope to amass. Expert systems can also be designed with feedback 
mechanisms to expand their own knowledge base, increasing the amount of expert 
knowledge available. These are just a few of the many advantages realized by employing 
expert systems. [Ref. 65: p. 11] 

As with any technology, disadvantages accompany advantages. Expert systems 
can not duplicate that critical human capacity of common sense. Therefore it is 
important that expert systems be viewed as one tool in the decision maker’s arsenal. 
Creativity is another area in which expert systems are deficient. If the rules applying to 
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situations are not present in the knowledge base, the expert system can deduce them but 
cannot perform spontaneous association or subjective cross-referencing, i.e., one person 
mentions a word or phrase and it reminds another person of a childhood memory. The 
rules in expert systems must be continually updated. Also, human beings have a variety 
of senses to assist in making decisions. Expert systems rely solely on the user’s input, the 
coded heuristic, and knowledge contained in the knowledge base. [Ref. 65: p. 11] In 
short, as long as a human being interfaces with the computer or machine, even with the 
disadvantages, expert systems can provide a valuable added dimension to the decision¬ 
making process. 

Expert systems are prevalent in the civilian sector, with approximately seventy 
percent of the top 500 companies in the United States using expert systems. [Ref. 62: p. 
68] Industries such as manufacturing are using these systems for scheduling work on the 
plant floor. [Ref. 62: p. 68] During the 1988 Olympics, police schedules and paychecks 
in Lillehammer, Norway were generated by knowledge-based systems. [Ref. 66: p. 72] 
Within die field of medicine, expert systems help prevent adverse interactions among 
drugs prescribed to patients, check 50 million electrocardiograms per year, and diagnose 
illn esses based upon symptoms and patient information. [Ref. 62: p. 71] The financial 
industry is using expert systems to detect and stop credit-card fraud. During the last 18 
months, these applications of expert systems have prevented the loss of fifty million 
dollars by spotting anomalies in the purchasing patterns of customers. [Ref. 62: p. 70] 
Within the engineering industry, expert systems embedded within Computer Assisted 
Design systems help the user analyze and optimize the design. [Ref. 67: p. 18] These are 
just a few of the civilian areas in which expert systems are flourishing. 
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Products and practices which perform well within the civilian industries often end 
up being used in the government, and expert systems are no exception. Screening welfare 
recipients and assisting U.S. Customs agents to identify illegal cargo are two of the ways 
in which expert systems are being used. [Ref. 62: p. 70] The military is researching the 
use of expert systems in limited cases. Currently undergoing evaluation at Fleet Tr ainin g 
Center San Diego is the MK92 Fire Control System Maintenance Advisor Expert System, 
which is designed to help the maintenance technicians in repairing the MK92 Fire Control 
System. Optimizing maneuvers in aerial combat is another area in which research is 
ongoing. 

With this technology becoming prevalent in today’s business and government, 
education has been a logical expansion. Researchers are investigating the use of advisory 
agent software, which is an integration of artificial intelligence principles and embedded 
knowledge. In short, it is expert system technology. This type of software offers 
instruction and advice to help someone complete a task. At the first use of this software, 
the agent’s knowledge is very basic, but the more often the software is used, the expert 
system adds to its knowledge base, and the more it learns about the user and how to best 
assist the person. Most software use wizards to assist the user. This intelligent agent 
software, named “Coach”, will be able to build and maintain information about a user’s 
proficiency, the mistakes made and what method the user chose to correct the mistake, 
and in terms of “coaching”, what worked and did not work. An added benefit is that the 
“Coach” can be made available to the teacher to assist in understanding where a student 
might be having difficulty. [Ref. 57: p. 98] Software companies are beginning to use this 
kind of technology to improve user support and user satisfaction. As a matter of fact, 
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Microsoft® is planning to use expert systems technology in the self-help portion of future 
releases of its Windows software. [Ref. 66: p. 72] 

Expert systems are working successfully in many areas of industry. The military 
has invested money in developing a limited number of expert systems for operational use. 
As the success of these experts systems becomes widely known, more people will be 
willing to invest in and use them. The underlying premise of expert systems is that now 
less experienced personnel can have access to and use the knowledge of experts, 
benefiting everyone. 
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APPENDIX C. EDUCATIONAL SKILLS REQUIREMENTS 


A. INFORMATION WARFARE (Curriculum 595, subspecialty code XX46P) 

. The officer will have an in-depth understanding of IW/C2W and the disciplines 
needed to support them. 

• The officer will have in-depth understanding of the capabilities, limitations, design 
and operation of communications, computers and information networks. 

• The officer will have a systems level understanding of information systems and their 
vulnerabilities as well as capabilities. 


The officer will understand the organizational decision process, as well as the 
structure and other processes of organizations with emphasis on their vulnerabilites 

and capabilities. 

The officer will understand the concepts, principles, methods and capabilities of jomt 
operational intelligence, with emphasis on the operational requirements levied upon 
the intelligence community to support IW/C2W. 

The officer will understand the integration of IW as a weapon and its role to modem 
warfare; understand the integral roles of EW, psychological^aattons. mntoy 
deception, OPSEC, and physical destruction; understand INFOSEC and nodal attack 
in this warfare area; employ real-time intelligence, tactics and EW systems, 
understand the physical principles of generation, transmission, propagation, reception, 
processing and suppression of detection and surveillance information. 

The officer will demonstrate the ability to conduct independent analysis in IW/CIW 
and proficiency in presenting the results in writing and orally by means of a thesis and 

command oriented briefings. 

The officer will have an understanding of the American and world miltay histoty 
and joint maritime planning including the origins and evolution of national and allied 

strategy. [Ref. 68] 
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B. COMPUTER SCIENCE (Curriculum 368, subspecialty code XX91P) 

• The officer will have a thorough knowledge of software engineering to include: 

• An understanding of the software development process, including 
specification of requirements, design, implementation, testing and 
maintenance. Military real time software projects, such as control software for 
a ship’s boiler. Design on systems that emulate requirements in real time 
embedded systems used by DOD. 

• The ability to plan and implement a major programming project and develop 
the appropriate documentation. 

• The ability to incorporate modem software engineering techniques in Ada 
based systems. 

• The officer must have a thorough knowledge of software technology to include: 

• The formal definition of programming languages covering specifications of 
syntax and semantics, properties of block structured languages, programming 
techniques and evaluation of languages. 

• The relations that hold among the elements of data involved in problems, the 
structure of storage media and machines, the methods useful in representing 
structured data in storage, and techniques of operating upon data structures. 

• Operating systems used in various environments relative to addressing 
techniques, memory management, file system design and management, system 
accountability and security, all built around DOD ADP security instructions. 

• The techniques used in the design and implementation of programming 
languages. 

• Design and implementation of database systems including hierarchy, network 
and relational models, and the language extensions required to support such 
systems. 

• Computer graphics covering human-computer interaction and methods for 
computer-assisted problem solving. 

• Artificial intelligence techniques including heuristic search, artificial 
intelligence languages, knowledge representation, expert systems and means- 
end analysis. 

• Formal methods for the design and analysis of software systems. 
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The officer must have a thorough knowledge of computer system design to include: 


• System analysis and design theory encompassing the basics of analysis, design 
and testing. 

• Empirical and analytical methods for determining the efficiency and 
performance of computer systems. 

• An understanding of the design issues of hardware/software compatibility, 
operating system compatibility and information system requirements. 

• Computer science theory relevant to the capabilities and limitation of 
hardware and software systems. 

• Computer security of DOD and other hardware systems, software systems and 
networks. 

• The officer must have a thorough knowledge of computer architecture to include: 

• Basic components of computer systems and their patterns of configuration and 
communication covering the range of large scale mainframes to 
microcomputers. 

• The organization, logic design, and components of military and other digital 
computing systems relating to multiprocessing, multiprogramming, distributed 
processing and networking. 

• The officer shall possess skills that perform a realistic perspective on solving military 
and real world problems. 

• Completing a significant project applying academic skills outside the 
classroom. 

• The graduate will demonstrate the ability to conduct independent analysis in 
computer science and proficiency in presenting the results in writing and 
orally by means of a thesis and command-oriented briefing. 

• American and world military history and joint and maritime planning including the 
origins and evolution of national and allied strategy; current American and allied 
military strategies which address the entire spectrum of conflict; the U.S. maritime 
component of national military strategy; the organizational structure of the U.S. 
defense establishment; the role of the commanders of unified and specified commands 
in strategic planning, the process of strategic planning; joint and service doctrine, and 
the roles and missions of each in meeting national strategy. [Ref. 69: pp. 62-3] 
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C. INFORMATION TECHNOLOGY MANAGEMENT (Curriculum 370, 
subspecialty code XX89P) 

• American and world militaiy history and joint and maritime planning including the 
origins and evolution of national and allied strategy; current American and allied 
military strategies which address the entire spectrum of conflict; the U.S. maritime 
component of the National Military Strategy; the organizational structure of the U.S. 
defense establishment; the role of the Commanders of the Unified and Specified 
Commands in strategic planning; the process of strategic planning; joint and service 
doctrine, and the roles and missions of each in meeting national requirements. 

• The officer must have a thorough knowledge of information systems technology to 
include: 

• Computer Systems: Components of computer systems including central 
processing units, input/output devices, storage devices, operating systems, 
progr amming languages, distributed computer systems and computer security. 

• Communication Systems and Networks: PCM systems, AM, FM, TV, 
modulation, SATCOM, fiber optics, HF, microwave systems, error control 
coding, antijam communications, low probability of intercept 
communications, GPS, data encryption, wide- and local-area network 
hardware, software, components and systems, physical layer interfaces and 
protocols, communications software, network management and control, and 
communications security. 

• Software Engineering: Methodologies for the analysis, design, development, 
prototyping, testing, implementation and maintenance of software; software 
metrics and reliability; productivity analysis and software cost estimation and 
planning; man-machine interfaces and system ergonomics; CASE and ICASE 
tools. 

• Database Management Systems: Database technologies (including object 
oriented) and technical an administrative issues involved in the design, 
implementation and maintenance of database management systems. 

• Decision Support and Expert Systems: Problem identification, formulation, 
and design of systems to support decision making; application of artificial 
intelligence technology to preserve perishable expertise and enhance 
distributed expertise; understanding the design of executive information 
systems, office automation, group decision support systems and crisis 
management systems, and their potential impacts on organizations and 
missions. 
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• The must officer must master the following concepts to effectively manage 
information system assets: 

• Managerial Concepts: Decision-making theory, microeconomics, operations 
analysis, financial management, organization development, and research 
methodologies. 

• Evaluation of Information Systems: cost and operational effectiveness 
(benefit) analysis; selection, evaluation, acquisition, installation and effective 
utilization of information systems hardware and software; risk assessment; 
information system architectures involving alternative system concepts. 

• Systems Analysis and Design: Information systems feasibility studies and life 
cycle management including fact-finding techniques for deter mining systems 
requirements and specifications, system performance evaluation, conversion 
and maintenance of legacy systems and post-implementation evaluation and 
security analysis of information systems. 

• Management of Information Systems: Information systems facilities planning, 
production planning and control, requirements determination of information 
systems personnel, human resource management, budgeting and financial 
control of computer centers, design of effective organization structure and 
information systems, and control and security (INFOSEC) policies. 

• Adapting to Technological, Organizational, and Economic Changes: 
Evaluation of potential impacts of new technology on information systems 
planning and development and on organization strategy; appraisal of evolving 
responsibilities of information systems managers. 

• The officer must be able to combine analytical methods and technical expertise with 
operational experience for effective military applications to include: 

• DOD Decision Making Process on Information Systems: DOD, DON, OMB 
and congressional decision making on information systems matters. 

• Acquisition Management: Acquisition policies and procedures of the DOD, 
including the planning, programming, and budgeting system; project 
management. 

• DOD Computer and Telecommunications: Architectures and specifications of 
Navy and DOD systems, computers, telecommunications networks and 
services, including the Defense Communication System (DCS); Navy fleet 
communications system, including satellite communications, WWMMCCS, 
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MIN, JMCIS, GCCS, and the Navy Telecommunications System (NTS); 
Decision Support Systems. 

• C4I and C2W: Concepts and application to strategic, operational and tactical 
level operations including support. [Ref. 69: pp. 139-141] 
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